using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Ajax;
using OpenQuarters.WebQuarters.Utils;
using System.Text;
using OpenQuarters.WebQuarters.Core;
using System.Net;
using System.Reflection;
using OpenQuarters.WebQuarters.Core.Web.Areas.Site.Helpers;

namespace OpenQuarters.WebQuarters.Core.Web.Areas.CMS.Controllers
{
    public class EntityController : Controller
    {
        private void setupRequest(out Type entityType, out object obj)
        {
            entityType = Utils.GeneralUtils.GetTypeByName(Oracle.Request.Form["EntityType"]);
            if (entityType == null)
            {
                throw new ArgumentException("EntityType '" + Oracle.Request.Form["EntityType"] + "' could not be found");
            }

            obj = Activator.CreateInstance(entityType);
            if (obj == null)
            {
                throw new ArgumentException("Could not create instance of type '" + Oracle.Request.Form["EntityType"] + "'");
            }
        }

        [AcceptVerbs(HttpVerbs.Post)]
        public ActionResult Save()
        {
            object obj = null;
            Type entityType = null;
            setupRequest(out entityType, out obj);

            bool bAuthorised = false;

            if ((bool)entityType.BaseType.BaseType.GetMethod("IsNew", new Type[] { }).Invoke(obj, null))
            {
                bAuthorised = Core.User.Current.HasPermission(Permissions.Entity.Create.SetValue(entityType.FullName));
            }
            else
            {
                bAuthorised = Core.User.Current.HasPermission(Permissions.Entity.Edit.SetValue(entityType.FullName));
            }

            if (!bAuthorised)
            {
                throw new System.InvalidOperationException("Not authorised to perform this operation");
            }

            obj = Utils.GeneralUtils.FromJSON(Oracle.Request.Form["Entity"].Base64Decode(), obj, entityType);
            var pkProperty = (PropertyInfo)entityType.GetMethod("GetIDProperty", new Type[] { }).Invoke(obj, new object[] { });
            obj = entityType.BaseType.BaseType.GetMethod("Load", new Type[] { pkProperty.PropertyType }).Invoke(null, new object[] { pkProperty.GetValue(obj, null) });
            obj = Utils.GeneralUtils.FromJSON(Oracle.Request.Form["Entity"].Base64Decode(), obj, entityType);
            obj = entityType.GetMethod("Save").Invoke(obj, null);

            ViewData.Model = obj.ToJSON();
            return View(SharedView.Service);
        }

        [AcceptVerbs(HttpVerbs.Post)]
        public ActionResult Delete()
        {
            object obj = null;
            Type entityType = null;
            setupRequest(out entityType, out obj);

            if (!Core.User.Current.HasPermission(Permissions.Entity.Delete.SetValue(entityType.FullName)))
            {
                throw new System.InvalidOperationException("Not authorised to perform this operation");
            }

            obj = Utils.GeneralUtils.FromJSON(Oracle.Request.Form["Entity"].Base64Decode(), obj, entityType);
            var pkProperty = (PropertyInfo)entityType.GetMethod("GetIDProperty", new Type[] { }).Invoke(obj, new object[] { });
            obj = entityType.BaseType.BaseType.GetMethod("Load", new Type[] { pkProperty.PropertyType }).Invoke(null, new object[] { pkProperty.GetValue(obj, null) });
            obj = entityType.GetMethod("Delete").Invoke(obj, null);

            ViewData.Model = obj.ToJSON();
            return View(SharedView.Service);
        }
    }
}
